General
Target: Thetempest.exe
Size: 836KB
Sample: 231003-lh895ahf6w
MD5: 1564e0d55798a05392c21c4e32af6c8b
SHA1: 538205c2ac6d66f796a25571548c31086c2e231a
SHA256: 030ca745bb45c5cba7e0dc933c2f36aa7c27a3716929027e1b9aa64c6ed60f81
SHA512: 32dc533f141d22452f97fb3ce58667058b8cf3b1e23659624b2449694a010e41e6909874a808d89306f7fc85c6d2bc2bc2c64a54b9117fe6cd4614c46cfbdd9b
SSDEEP: 24576:INPx3Tpgh9NZEak0F5SAz6uc1L9J8xVCT5ATqY2BXY6+g7:mBTMTq2MAz6VL9J8xVCT5AT2Y6N
Static task: static1
Behavioral task: behavioral1 (sample Thetempest.exe, resource win7-20230831-en)
Behavioral task: behavioral2 (sample Thetempest.exe, resource win10v2004-20230915-en)
Malware Config
Targets
Target: Thetempest.exe
Size: 836KB
MD5: 1564e0d55798a05392c21c4e32af6c8b
SHA1: 538205c2ac6d66f796a25571548c31086c2e231a
SHA256: 030ca745bb45c5cba7e0dc933c2f36aa7c27a3716929027e1b9aa64c6ed60f81
SHA512: 32dc533f141d22452f97fb3ce58667058b8cf3b1e23659624b2449694a010e41e6909874a808d89306f7fc85c6d2bc2bc2c64a54b9117fe6cd4614c46cfbdd9b
SSDEEP: 24576:INPx3Tpgh9NZEak0F5SAz6uc1L9J8xVCT5ATqY2BXY6+g7:mBTMTq2MAz6VL9J8xVCT5AT2Y6N
Score: 7/10
Signatures
- Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect virtualization.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL: loads a DLL that the sample itself wrote to disk during the run.
- Legitimate hosting services abused for malware hosting/C2: contacts a legitimate public service of the kind used to host payloads or command-and-control traffic.
- Suspicious use of NtCreateThreadExHideFromDebugger: creates a thread with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag, so the new thread never reports debug events to an attached debugger.
- Suspicious use of NtSetInformationThreadHideFromDebugger: calls NtSetInformationThread with the ThreadHideFromDebugger class, which detaches the calling thread from an attached debugger.
- Suspicious use of SetThreadContext: rewrites a thread's register context; on a thread of another process after a remote memory write, this is the usual way to redirect execution into injected code.
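The behaviours the signatures above name can be expressed as rules over a sandbox API-call trace. What follows is an added example written for this page, not Triage's own signature code: the trace records are constructed, and the QEMU agent path, the Geo\Nation registry key, the hosting-service host list and the argument names in the records are assumptions drawn from public Windows documentation rather than from this report. The numeric constants (ThreadHideFromDebugger = 0x11, THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4) are the documented Windows values. The example goes slightly beyond the report in that the "Loads dropped DLL" and "SetThreadContext" rules correlate earlier calls from the same process, which is what keeps a debugger's own SetThreadContext or a LoadLibrary of a system DLL from firing.

```python
"""Rules corresponding to the signature names in the report above.

Added example for this page; not Triage's rule code. Trace records are
constructed. Assumed (not from the report): QEMU_AGENT_PATH, GEO_NATION_KEY,
HOSTING_SERVICES and the argument names used in the trace records.
"""
from collections import defaultdict

# Documented Windows constants.
THREAD_HIDE_FROM_DEBUGGER = 0x11              # THREADINFOCLASS ThreadHideFromDebugger
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4  # NtCreateThreadEx CreateFlags bit

# Assumptions: default install path of the QEMU guest agent, and the per-user
# GeoID value the Windows location setting is stored under.
QEMU_AGENT_PATH = r"c:\program files\qemu-ga\qemu-ga.exe"
GEO_NATION_KEY = r"hkcu\control panel\international\geo\nation"
# Assumption: illustrative list of legitimate services used to host payloads/C2.
HOSTING_SERVICES = {"cdn.discordapp.com", "pastebin.com",
                    "raw.githubusercontent.com", "transfer.sh"}


def _norm(path):
    """Case-fold and normalise separators so paths compare reliably."""
    return path.replace("/", "\\").lower()


def detect(trace):
    """Run the rules over an ordered API trace; return the sorted names that fire.

    Each record: {"pid": int, "api": str, "args": dict}. Rules that need
    context (dropped DLL, SetThreadContext) correlate earlier records from
    the same process instead of firing on a single call.
    """
    hits = set()
    written = defaultdict(set)   # pid -> files that process wrote itself
    remote_written = set()       # (writer pid, target pid) after a cross-process write
    for rec in trace:
        pid, api, a = rec["pid"], rec["api"], rec.get("args", {})
        if api == "NtSetInformationThread" and \
                a.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
            hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
        elif api == "NtCreateThreadEx" and \
                a.get("CreateFlags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
            hits.add("Suspicious use of NtCreateThreadExHideFromDebugger")
        elif api in ("NtCreateFile", "CreateFileW", "GetFileAttributesW") and \
                _norm(a.get("path", "")) == QEMU_AGENT_PATH:
            hits.add("Checks QEMU agent file")
        elif api in ("RegQueryValueExW", "NtQueryValueKey") and \
                _norm(a.get("key", "")) == GEO_NATION_KEY:
            hits.add("Checks computer location settings")
        elif api == "NtWriteFile":
            written[pid].add(_norm(a.get("path", "")))
        elif api in ("LoadLibraryW", "LdrLoadDll") and \
                _norm(a.get("path", "")) in written[pid]:
            hits.add("Loads dropped DLL")
        elif api == "WriteProcessMemory" and a.get("target_pid") != pid:
            remote_written.add((pid, a.get("target_pid")))
        elif api == "SetThreadContext" and (pid, a.get("target_pid")) in remote_written:
            hits.add("Suspicious use of SetThreadContext")
        elif api in ("WinHttpConnect", "InternetConnectW", "getaddrinfo") and \
                a.get("host", "").lower() in HOSTING_SERVICES:
            hits.add("Legitimate hosting services abused for malware hosting/C2")
    return sorted(hits)


# Constructed trace resembling the behaviours listed in the report (pid 1000
# is the sample, pid 1020 a process it writes into).
SAMPLE_TRACE = [
    {"pid": 1000, "api": "GetFileAttributesW", "args": {"path": r"C:\Program Files\Qemu-ga\qemu-ga.exe"}},
    {"pid": 1000, "api": "RegQueryValueExW", "args": {"key": r"HKCU\Control Panel\International\Geo\Nation"}},
    {"pid": 1000, "api": "NtSetInformationThread", "args": {"ThreadInformationClass": 0x11}},
    {"pid": 1000, "api": "NtCreateThreadEx", "args": {"CreateFlags": 0x4}},
    {"pid": 1000, "api": "NtWriteFile", "args": {"path": r"C:\Users\Public\stage2.dll"}},
    {"pid": 1000, "api": "LoadLibraryW", "args": {"path": r"C:\Users\Public\stage2.dll"}},
    {"pid": 1000, "api": "WinHttpConnect", "args": {"host": "cdn.discordapp.com"}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 1020}},
    {"pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 1020}},
    {"pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 1000}},  # own thread: not flagged
]

# Constructed benign trace: none of the rules should fire.
BENIGN_TRACE = [
    {"pid": 2000, "api": "LoadLibraryW", "args": {"path": r"C:\Windows\System32\advapi32.dll"}},
    {"pid": 2000, "api": "SetThreadContext", "args": {"target_pid": 2000}},
    {"pid": 2000, "api": "NtSetInformationThread", "args": {"ThreadInformationClass": 0x0}},  # ThreadBasicInformation
    {"pid": 2000, "api": "WinHttpConnect", "args": {"host": "www.example.com"}},
]

if __name__ == "__main__":
    for name in detect(SAMPLE_TRACE):
        print("HIT:", name)
    print("benign hits:", detect(BENIGN_TRACE))
```

The two stateful rules are the ones worth copying: SetThreadContext is only suspicious after the same process has written into the target, and a LoadLibrary is only a "dropped DLL" when the path appears in the set of files that process wrote earlier in the trace. Single-call rules for the anti-debug classes and the geofence lookup are reliable on their own because benign software has little reason to issue them.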